We’re building an application wherein we need to record some calls, and video passing through our application during those calls without being recorded would represent a serious vulnerability. It seems simulcast presents an obstacle to this, since video on layers that are not the recorded layer could potentially (if from a malicious client) contain secret information that does not get recorded. We’d thus like for the server to never accept simulcast streams from clients.
What’s the cleanest/most robust way to do this? Should this happen at the signalling layer just by direct inspection of the producer info? Or is there a way to configure the router or transport so that they don’t support simulcast?